"As a Microsoft consultant, my clients always ask me Why didn't I recommend some tweak? - so I'm continually battling "myths" or tweaks that are so minor, it makes no sense to have yet another change to a "standardized" configuration. While I try to send my clients to the Microsoft site first, there are many articles they don't have. (Actually, there's simply no reason for Microsoft to document how to use their software "incorrectly") So I'm always pleased to provide my clients a links to YOUR site. Thanks again for all the hard work you put into your website - it shows!!!" - Blake H.
"I must say... your web page is probably one of the most complete and most informative web sites I have ever seen. Please keep up the good work!" - Matthew G.
"Thank you for all the information in the optimization and myths articles!" - Adrian
"This is an excellent Windows resource. As a matter of fact, the whole site is excellent, from content to layout to polish. I stumbled upon your 'XP Myths' page completely at random through a Google search, and was shocked to find information of such depth." - Dave I.
"Thanks for your informative article on XP myths. I've seen a lot of whacky myths, especially coming from power users and developers who think they know it all." - Rei
"Great programming and good to expose XP myths!" - Doug
"Good job on XP Myths, thanks for clarifying a lot of obscure tweaks and myths!!" - Martin C.
"Great article! Even though most of the information wasn't new for me, I've learned one or two things I had no idea about. So thanks for it." - Sergi R.
"Great site you have - especially regarding the myths you have listed - very well true!" - Collin E.
"I wanted to Thank You for creating this web site. It has been by far one of the most needed resources on the web. Please keep up the great work!" - Alan N.
"I ran across your myths page and hope to send some folks your way by mentioning it in my Blog. Great stuff!" - Bill P.
"I liked your page on the myths of tweaking the XP operating system. It revealed a lot of misinformation on tweaking the XP OS." - Ryan M.
"I found that article quite an interesting read, I never thought so many myths (no matter how stupid they are) exist." - Jarrod C.
"Great guide, good to see someone has actually done the research to see if half this stuff improves windows performance." - John C.
"From the first days of Windows tweaking became necessary. The problem is often not enough knowledge to determine what is right. Judging a tweak by instinct is not the best way and your showing why something is or is not right is a big help, even for a long time Windows tweaker." - Frank T.
"Ok, your myths page blew me away. I work in digital audio using a PC, and I've been a mega-tweak-head for many years. It's hard to know what the hell to believe, because so many of these tweak programs have these settings - but you make a helluva strong case. Good job my man - keep up the good work; frikken awesome." - Tim R.
"Nice website site on debunking tweak myths. thanx" - Michael D.
"I found your website through Wikipedia and I just wanted to let you know that I think it's really great. I have been doing tech support for years and some of the information on your site really cleared up a lot of misconceptions I've had for a long time. I was "brought up" so to speak on Win98 and just assumed a lot of the tweaked carried over to XP. A real eye opener, to say the least!" - Johnathan G.
"I would like to say thank you for the excellent info on Windows XP. It was only after I read you XP optimization myths did I realize that many of these tweaking applications actually reduce performance! I'm most grateful for the information on your pages. Thank you and keep up the good work." - David
"Great guide, is just scary how millions of people believe in these tweaks and registry cleaners." - Luzia Z.
"I would like to commend you on the site. I like the fact that you actually provide references to back up your statements, something lacking in so many tech sites." - Larry M.
"It's really a good and informative work. Many things I knew, other was new for me. Thank you one more time!" - Holger S.
"I just wanted to drop a line to let you know how much I appreciate your website. To see and prove all of the XP Myths incorrect is a blessing to those of us that use and love XP. For instance, I was a "believer" (from the TweakXP website) that disabling Prefetch was a good thing. I had disabled it in all of my XP machines at home (we have 6 PCs with various versions of XP) and at work. Once re-enabled, the performance was incredible. Also, Disk Defragmenter ... well ... let's just say that after downloading Diskeeper 2007, I will never use Defrag in its stock form again." - John M.
"Thanks for taking the time to inform the people of all these myths! On Metacafe there are many alleged speedups, tweaks, ect. that are bogus and some times harmful to the computer. When I see some of these videos on that site, I sometimes post that the video is false or else a link to this site. I for one appreciate your hard work to inform the people! Thanks a bunch." - Roger F.
"Great site! It is nice to have a reliable source on what works and what doesn't. Keep up the good work." - Eric M.
"Thanks for a great site. After reading through the myths I re-evaluated the different tweaks I'm using and enjoy knowing more about what does what and how/why." - Jon R.
"This is the most accurate site i have ever been to. I have tried so many tweaks, unfortunately with trial and error. I did not know that most of these tweaks were gimmicks, especially tools like registry tweakers, system optimizers and worst of all tweaking my services. I checked out the "disabling services from your web page" and wahla!!! Wouldn't you know it, it was actually precise and my computer is running smooth, quick and stable. I also readjusted all the tweaks according to your site, re-enabling everything I had disabled and starting fresh from this site. Wow!!! Thank you so much, you guys ROCK!!" - Thomas C.
"Congratulations on your article. It really takes down some old myths present in my mind caused by incorrect technical articles I've read in the past (the service configuration for example). Please continue to write articles like this." - Paolo
"I have to say... Kudos to you Andrew. Simply Awesome site. After going to PC Forums for years I feel just a little silly after reading this site. So much advice from so called experts and 98% is wrong or misguided in many cases. I'll definitely be passing this site onto my friends and even posts in my regular tech Haunts via the web. Cheers for all of the hard work in putting this together. And I really appreciate the links to Microsoft's guides and all the other fantastic links for System support. I hope this site stays around for a long time." - C.R.
"I've been fighting with my computer for a week and learned that reliable-seeming tricks to speed it up can slow it down or cause damage. After finally hunting down your user-friendly site and looking over the XP Myths, this site is the one source I've found who's intelligence I trust for diagnosing, optimizing, etc. I'm telling people I've found the "holy grail." - Erin

XP Myths - Myths Regarding Windows XP

Myth (Definition) - "A fiction or half-truth, especially one that forms part of an ideology." There are numerous Myths floating around the Internet regarding Windows XP, especially relating to Optimizations and Security. This site will debunk these.

Requirement Myths

4GB RAM Issue

Myth - "Windows XP does not support 4GB of RAM"

Reality - "On any 32-bit Operating System (not only Windows), you only have access to 4GB of address space by default. A 32-bit Operating System can actually handle 4GB of memory. The issue is the way in which the hardware allocates memory for its own resources. The hardware needs to allocate memory space to use for things like the PCI bus, BIOS, the video card and others. It allocates this from the address space presented to it, which is not necessarily the same as the amount of physical RAM installed. Also of note, it allocates this memory from top to bottom. The problem is, when you have 4GB of RAM installed, the amount of physical memory installed is the same as the address space. If you have 4GB RAM, and the hardware needs to allocate a large chunk of memory for its own use, and it does this from top to bottom, the memory that is blocked off starts at 4GB and allocates downwards. So, the final amount of RAM the OS will be able to see is the difference. This is because when it actually allocates for the physical RAM in the system, it has to skip the chunk that was blocked off by the hardware. Since a 32-bit OS can only see 4GB, the rest of the RAM is invisible because it is above the 4GB barrier. By using the /PAE switch, you enable the OS to see above this barrier, and you can see all of your RAM, sometimes. The real problem comes back to hardware. The OS can only handle whatever resources are shown to it by the hardware BIOS. If the hardware does not support a large enough addressing range, then it simply won't report anything above that so the OS is in the dark. If the hardware supports 36-bit PAE Intel Extensions or the AMD equivalent, and you use an OS that supports PAE, you should be able to enable both and see all of the RAM."

Notes - Windows XP Home and Professional limit physical address space to 4 GB for driver compatibility reasons. To use more than 4 GB of RAM you will need to get Windows XP Professional x64 Edition which supports up to 128 GB of RAM.

Reality - "Many MS-DOS-based games will run on Windows XP and a community out there is dedicated to smoothing the way. MS-DOS was a 16-bit platform. Windows 95 meshed 16-bit and 32-bit code with MS-DOS at its core. Most 16-bit MS-DOS based programs would work fine on Windows 95. Windows 95, 98, and Me were all based on the same core technology (called kernel). Windows XP is based on a completely different kernel. It's built on code that was introduced in Windows NT, evolved into Windows 2000, and was enhanced for Windows XP. The Windows NT kernel doesn't have any MS-DOS components in it at all - it's a pure 32-bit beast. It includes a 16-bit emulator and a command prompt mode that looks like MS-DOS. MS-DOS-based games don't have the friendly installers found in the Windows 9x-based games. You should install MS-DOS-based games from a command prompt. One of the trickiest parts of making MS-DOS-based games to run on Windows XP is getting the sound to work. Succeeding at getting your ancient games up and running on Windows XP can be as rewarding as playing the game itself!"

Reality - "Your normal software and games could not care less what file system they are being stored on. As long as it's supported by the operating system you are using, there will be no problem. With NTFS, however, permissions can play a factor in whether a game runs correctly or not. If you don't have access to a particular file that's needed by the software, it's not going to work. This is different than when a file is stored on FAT32, and is probably responsible for the mistaken belief that a game, or other software, must be compatible with NTFS. This is another good reason to familiarize yourself with the file and folder permissions in NTFS."

Reality - "Windows XP can be installed on surprisingly low system requirements contrary to popular opinion. With the average life cycle of a regular PC being roughly 4-6 years, just about any PC being used today can run Windows XP. The following requirements are Microsoft's "official" minimum system requirements which I have tested to work fine with the exception of only 64 MB of RAM (performance is poor). Increasing your RAM to 128 MB would be the only upgrade I would strongly consider as my absolute minimum Windows XP system requirements."

* Actual requirements will vary based on your system configuration and the applications and features you choose to install. Additional available hard disk space may be required if you are installing over a network.

Notes - Again, 128 MB of RAM is recommended as the minimum, since going below that disables some features, reduces prefetching benefits and reduces overall performance. Anyone who claims Windows XP will not work with these settings has never actually installed Windows XP on this hardware. Older systems generally benefit from faster hard drive performance (5400 RPM to 7200 RPM, 40 conductor IDE cables to 80 conductor, etc.) and faster Internet Connections (Dial-up to Broadband) before upgrading the RAM and so forth. Adding more RAM is almost always a good idea but it is important to understand what exactly you are trying to improve. The most common complaints on older systems are loading times and Internet Performance. Windows XP will work fine for basic Office, Email and Internet use. Many do not realize how low Office 2000 or Office XP's System Requirements are either. These are the minimum requirements for Windows XP, NOT for any third party software you choose to use. The system requirements for any third party software must be met to use that software properly.

Reliability Myths

Reality - "Not true. The truth is, your drive is going to work much harder if you never defrag at all! It is a common misconception that defragmentation is stressful to disk drives. In reality, fragmentation results in many more disk accesses. Here is an example: If you have a file that is fragmented into 50 pieces, and you access it twice a day for a week, that's a total of 700 disk accesses (50 x 2 x 7). Defragmenting the file may cost 100 disk accesses (50 reads + 50 writes), but thereafter only one disk access will be required to use the file. That's 14 disk accesses over the course of a week (2 x 7), plus 100 for the defragmentation process = 114 total. 700 accesses for the fragmented computer versus 114 for the defragmented computer - the benefits are obvious."

- Windows XP Professional ran over 30 times as long without encountering problems as those running Windows 98 SE.
- None of the Windows XP Professional systems had a single application or operating system failure during the test period.
- None of the Windows 2000 Professional Gold systems had a single application or operating system failure during the test period.

Optimization Myths

Also known as "Bad Tweaks", these are frequently recommended and included in various tweaking programs claiming to improve performance. You will not find them supported with documented reproducible testing but rather with anecdotal claims. In each case they either do absolutely nothing or, even worse, actually hurt performance. For optimizations that work use the Optimize XP guide.

Reality - "Adding this Registry Key in Windows 2000 or XP has no effect since this registry key is no longer supported in Microsoft Windows 2000 or later. The Shell automatically unloads a DLL when its usage count is zero, but only after the DLL has not been used for a period of time. This inactive period might be unacceptably long at times, especially when a Shell extension DLL is being debugged. For operating systems prior to Windows 2000, you can shorten the inactive period by adding this registry key."

Reality - "Microsoft's Clearmem, the memory-consuming test tool, is a simulation tool that lets developers measure the minimum working set for a process and to help system administrators isolate cache bottlenecks on servers. Clearmem was originally found on the Windows NT Resource Kit 4.0 CD and can now be found on the Windows Server 2003 Resource Kit. It allocates and references all available memory, consuming any inactive pages in the working sets of all processes (including the cache) and effectively clears the cache of all file data. As Clearmem increases its working set the working sets of all other processes are trimmed until they contain only pages currently being used and those most recently accessed. This reduces the performance of all running applications every time you run this by reducing their amount of available memory, forcing them to needlessly page and causing any cached file data to have to be reread from disk."

Reality - "The System.ini and Win.ini files are provided in Windows XP for backward compatibility with 16-bit applications (MS-DOS-based programs). They have no effect on the Windows XP paging file settings which are stored in the Registry. This setting only affects Windows 95/98 operating systems. The default setting for ConservativeSwapfileUsage is 1 for Windows 95, and 0 (zero) for Windows 98. On Windows 98 systems you can set ConservativeSwapfileUsage=1 under the [386Enh] heading of the System.ini file causing the system to behave as Windows 95 does, at some cost in overall system performance."

Myth - "Setting DisablePagingExecutive to 1 improves performance by preventing the kernel from paging to disk."

Reality - "DisablePagingExecutive applies only to ntoskrnl.exe. It does not apply to win32k.sys (much larger than ntoskrnl.exe!), the pageable portions of other drivers, the paged pool and of course the file system cache. All of which live in kernel address space and are paged to disk. On low memory systems this can force application code to be needlessly paged and reduce performance. If you have more than enough RAM for your workload, yes, this won't hurt, but then again, if you have more than enough RAM for your workload, the system isn't paging very much of that stuff anyway. This setting is useful when debugging drivers and generally recommended for use only on servers running a limited well-known set of applications."

Reality - "This statement would be true if the built-in defragmenter was fast, automatic, and customizable. Unfortunately, the built-in defragmenter does not have any of these features. The built-in defragmenter takes many minutes to hours to run. It requires that you keep track of fragmentation levels, you determine when performance has gotten so bad you have to do something about it, and then you manually defragment each drive using the built-in defragmentation tool."

Notes - The Disk Defragmenter tool in Windows 2000/XP is based on the commercial version of Diskeeper. The version that is included with Microsoft Windows 2000/XP provides limited functionality in maintaining disk performance by defragmenting volumes that use the FAT, the FAT32, or the NTFS file system. The XP version offers some improvements over the 2000 version but still has the following limitations:

- It can defragment only local volumes.
- It can defragment only one volume at a time.
- It cannot defragment one volume while scanning another.
- It cannot be easily scheduled without scripts or third party utilities.
- It can run only one Microsoft Management Console (MMC) snap-in at a time.

Reality - "If a program error occurs, Dr. Watson will start automatically but not before unless you manually start it. Which means disabling Dr. Watson has no effect on system performance. Dr. Watson (Drwtsn32.exe) for Windows is a program error debugger that gathers information about your computer when an error (or user-mode fault) occurs with a program. Technical support groups can use the information that Dr. Watson obtains and logs to diagnose a program error. When an error is detected, Dr. Watson creates a text file (Drwtsn32.log) that can be delivered to support personnel by the method they prefer. You also have the option of creating a crash dump file, which is a binary file that a programmer can load into a debugger. This is valuable information to help troubleshoot a system problem, thus it makes no sense to disable Dr. Watson."

Notes - Program errors should be addressed and not ignored: make sure you are using the latest non-Beta version of the application that crashed and apply all patches that are available from the developer of the application. A program error can also be a warning sign that something is wrong or misconfigured with your system. Use the Diagnose XP Guide to help troubleshoot the most common causes of system problems.

Reality - "NTFS provides performance, reliability, and advanced features not found in any version of FAT. NTFS features: Built-In Security, Recoverability, Alternate Streams, Custom File Attributes, Compression, Object Permissions, Economical Disk Space Usage using a more Efficient Cluster Size and Fault Tolerance. Windows XP comes with NTFS 3.1 which includes even more advanced features such as: Encryption, Disk Quotas, Sparse Files, Reparse Points, Volume Mount Points. None of which is available with FAT32."

Performance
"NTFS is built for speed with impressive disk I/O performance on large volumes (Over 400 MB). NTFS uses a binary tree structure for all disk directories, which reduces the number of times the system has to access the disk to locate files. This system is best for large directories, and NTFS easily outperforms FAT32 in these situations. In addition, NTFS automatically sorts files in a folder on the fly. NTFS gains an edge over FAT32 by using relatively small disk allocation units (cluster sizes) for NTFS volumes. Smaller clusters prevent wasted disk space on volumes, especially those with numerous small files. Because NTFS uses small clusters better and has a more efficient design, its performance doesn't degrade with large volumes, in contrast to FAT's."

"NTFS is generally believed to be slower than FAT. However, with a correctly created NTFS volume, NTFS performance optimizations, and improved disk defragmentation, NTFS performance (including the extra "journaling") is equivalent to FAT on small disks and is faster than FAT on large disks. FAT32 performance is further reduced for volumes larger than 32 GB in two areas:

- Boot time with FAT32 is increased because of the time required to read all of the FAT structure. This must be done to calculate the amount of free space when the volume is mounted.
- Read/write performance with FAT32 is affected because the file system must determine the free space on the disk through the small views of the massive FAT structure. This leads to inefficiencies in file allocation."

Gaming Performance
"The numbers show...not much difference. In fact, the only test that doesn't show near-perfect parity is PCMark04, and the difference between the results on the two file systems is less than two percent. HDTach's read and access tests, which respectively measure how fast data can be read from the drive and how quickly the drive can locate data, were nearly identical. More importantly, the gaming tests showed nary a difference in all-important frame rates between the file systems and the cluster sizes. Based on the uniformity we experienced, we highly recommend that users of Windows XP take advantage of the NTFS file system. Its gaming prowess matches that of FAT32 and it boasts a healthy line-up of advantages over its opponent."

Reliability
"NTFS is a reliable file system. When storing data to disk, NTFS records file I/O events to a special transaction log. If the system crashes or encounters an interruption, NTFS can use this log to restore the volume and prevent corruption from an abnormal program termination or system shutdown. NTFS doesn't commit an action to disk until it verifies the successful completion of the action. This precaution helps prevent corruption of an NTFS volume. NTFS also supports hot-fixing disk sectors, where the OS automatically blocks out bad disk sectors and relocates data from these sectors. This housecleaning happens in the background. An application attempting to read or write data on a hot-fixed area will never know the disk had a problem."

Reality - "Windows XP CONVERT creates the best possible cluster size according to the existing FAT format. On NTFS volumes, clusters start at sector zero; therefore, every cluster is aligned on the cluster boundary. For example, if the cluster size was 4K and the sector size was 512 bytes, clusters will always start at a sector number that is a multiple of 4096/512 for example, 8. However, FAT file system data clusters are located after the BIOS Parameter Blocks (BPB), reserved sectors, and two FAT structures. FAT formatting cannot guarantee that data clusters are aligned on a cluster boundary. In Windows 2000, CONVERT handled this problem by forcing an NTFS cluster size of 512 bytes, which resulted in reduced performance and increased disk fragmentation. In Windows XP, CONVERT chooses the best cluster size (4K is the ideal)."

Notes - The FAT32 file system does not use a default cluster size smaller than 4 KB. The maximum NTFS default cluster size under Windows XP is 4 KB because NTFS file compression is not possible on drives with a larger allocation size.
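The alignment arithmetic described above, as an added example that is not part of the original page and is not CONVERT's actual algorithm: it reads the FAT32 BIOS Parameter Block from a boot sector, finds where the data clusters start, and reports the largest NTFS cluster size (up to 4 KB) on whose boundaries every existing FAT cluster would fall. The boot sectors are constructed test input and the function names are hypothetical.

```python
import struct
from math import gcd


def build_fat32_boot_sector(reserved, fat_sectors, num_fats=2, bps=512, spc=8):
    """Constructed test input: a boot sector holding only the BPB fields used below."""
    s = bytearray(512)
    struct.pack_into("<H", s, 0x0B, bps)          # bytes per sector
    struct.pack_into("<B", s, 0x0D, spc)          # sectors per FAT cluster
    struct.pack_into("<H", s, 0x0E, reserved)     # reserved sectors (incl. boot sector)
    struct.pack_into("<B", s, 0x10, num_fats)     # number of FAT copies
    struct.pack_into("<I", s, 0x24, fat_sectors)  # FAT32: sectors per FAT
    s[0x1FE:0x200] = b"\x55\xAA"                  # boot sector signature
    return bytes(s)


def parse_fat32_layout(sector):
    """Return (bytes_per_sector, sectors_per_cluster, first_data_sector)."""
    if len(sector) < 512 or sector[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("not a boot sector")
    bps, spc, reserved, num_fats = struct.unpack_from("<HBHB", sector, 0x0B)
    fat_sectors = struct.unpack_from("<I", sector, 0x24)[0]
    if bps not in (512, 1024, 2048, 4096) or spc == 0 or fat_sectors == 0:
        raise ValueError("not a FAT32 BPB")
    # FAT32 has no fixed root directory area, so data clusters begin
    # right after the reserved sectors and the FAT copies.
    return bps, spc, reserved + num_fats * fat_sectors


def aligned_ntfs_cluster_size(sector, max_bytes=4096):
    """Largest power-of-two cluster size (bytes) that keeps FAT data aligned.

    NTFS clusters start at sector zero of the volume, so an NTFS cluster of
    c sectors lines up with every FAT cluster only if c divides both the
    first data sector and the FAT cluster size.
    """
    bps, spc, data_start = parse_fat32_layout(sector)
    common = gcd(data_start, spc)
    c = 1
    while c * 2 * bps <= max_bytes and common % (c * 2) == 0:
        c *= 2
    return c * bps


if __name__ == "__main__":
    for reserved in (38, 32, 33):
        boot = build_fat32_boot_sector(reserved, fat_sectors=3797)
        _, _, start = parse_fat32_layout(boot)
        print(f"data starts at sector {start}: "
              f"{aligned_ntfs_cluster_size(boot)} byte clusters stay aligned")
```

A result of 512 corresponds to the worst case the passage attributes to Windows 2000, where the data area starts on an odd sector and only one-sector clusters line up.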

Myth - "This will free up processing time from any idle tasks and allow it to be used by the foreground application."

Reality - Idle tasks do not use up any resources unless the system is idle and not being used. The Task Scheduler service will check if the computer is in an idle state every 15 minutes. The computer is considered to be in an idle state if there is 0% CPU usage and 0% disk input or output for 90% of the past fifteen minutes and if there is no keyboard or mouse input during this period of time. The system cannot be running on battery power either. Any user input marks the end of the idle state. Windows schedules some maintenance tasks when the system is idle and running on AC power. Other third-party programs and services may be running during system idle time also. To optimize system performance and reliability, Windows XP is designed to automatically run system maintenance tasks during system idle time:

The sole purpose of the command Rundll32.exe advapi32.dll,ProcessIdleTasks is to give benchmarks a simple way to force any pending idle tasks to be executed immediately, without having to wait a lengthy period of time.

Myth - "It is necessary to delete the Hiberfil.sys before defragmenting."

Reality - "The Hiberfil.sys is a file to which the system's physical memory is written during hibernation. On resuming from hibernation, the BIOS reads Hiberfil.sys to restore the state of the computer to its pre-hibernation state. Because the location of the Hibernate file is determined very early in the startup process, it cannot be moved. It can, however, be defragmented safely at startup using a commercial defragmenter such as Diskeeper or the freeware utility PageDefrag."

Myth - "Increasing the IOPageLockLimit will lock more memory for exclusive access by the kernel, improving performance."

Reality - "Indeed, it does do this but only in an RTM Windows 2000 machine. It does absolutely nothing in Windows 2000 Service Pack 1 and up, and absolutely nothing in Windows XP. This makes it effectively useless, since no one in their right minds would be running RTM Windows 2000. The RTM kernel references IoPageLockLimit. The SP1 kernel does not. Neither do any subsequent editions of the kernel; neither does the XP kernel in any of its incarnations."

Reality - "This is a made up nonexistent command that does absolutely nothing. The System.ini and Win.ini files are provided in Windows XP for backward compatibility with 16-bit applications (MS-DOS-based programs). They have no effect on any Windows XP settings or 32-bit applications which are stored in the Registry."

Reality - "IRQs don't even HAVE a concept of "priority" in the NT family; they do have something called "IRQL" (interrupt request level) associated with them. But the interval timer interrupt is already assigned a higher IRQL than any I/O devices, second only to the inter-processor interrupt used in an MP machine. The NT family of OSes don't even use the real-time clock (IRQ 8) for time keeping in the first place! They use programmable interval timer (8254, on IRQ 0) for driving system time keeping, CPU time accounting, and so on. IRQ 8 is used for profiling, but profiling is almost never turned on except in very rare development environments. Even if it was possible it doesn't even make sense why adjusting the real-time clock priority would boost performance? The real-time clock is associated with time keeping not CPU frequency. I would not be surprised if this originated in an overclocking forum somewhere. This "tweak" can be found in most XP all-in-one tweaking applications. This is a perfect example of why they are not recommended."

Reality - "LargeSystemCache determines whether the system maintains a standard size or a large size file system cache, and influences how often the system writes changed pages to disk. Increasing the size of the file system cache generally improves file server performance, but it reduces the physical memory space available to applications and services. Similarly, writing system data less frequently minimizes use of the disk subsystem, but the changed pages occupy memory that might otherwise be used by applications. On workstations this increases paging and causes longer delays whenever you start a new app. Simply put, enable this on a file server and disable it on everything else."

Notes - "System cache mode is designed for use with Windows server products that act as servers. System cache mode is also designed for limited use with Windows XP, when you use Windows XP as a file server. This mode is not designed for everyday desktop use. When you enable System cache mode on a computer that uses Unified Memory Architecture (UMA)-based video hardware or an Accelerated Graphics Port (AGP), you may experience a severe and random decrease in performance. For example, this decrease in performance can include very slow system performance, stop errors, an inability to start the computer, devices or applications that do not load, and system instability. The drivers for these components consume a large part of the remaining application memory when they are initialized during startup. Also, in this scenario, the system may have insufficient RAM when the following conditions occur:

Reality - "Use this setting if your computer frequently crashes, and you are trying to minimize problems or troubleshoot. Be aware, however, this process uses more memory and that doing this could slow down the performance of your computer."

Notes - Windows XP is a very stable operating system and should never Lock-up (freeze), display Blue Screen Stop Errors or Randomly Reboot. These are all warning signs something is wrong or misconfigured with your system. Use the Diagnose XP Guide to help troubleshoot the most common causes of system problems.

Myth - "The NTFS File system does not get fragmented and Defragmenters are unnecessary."

Reality - "Even though NTFS is more resistant to fragmentation than FAT, it can and does still fragment. The reason NTFS is less prone to fragmentation is that it makes intelligent choices about where to store file data on the disk. NTFS reserves space for the expansion of the Master File Table, reducing fragmentation of its structures. In contrast to FAT's first-come, first-served method, NTFS's method of writing files minimizes, but does not eliminate, the problem of file fragmentation on NTFS volumes."

Reality - "Enabling this will clear the Windows paging file (Pagefile.sys) during the shutdown process, so that no unsecured data is contained in the paging file when the shutdown process is complete. If you enable this feature, the shutdown time will be increased. Some third-party programs can temporarily store unencrypted (plain-text) passwords or other sensitive information in memory. Because of the Windows virtual memory architecture, this information can be present in the paging file. Although clearing the paging file is not a suitable substitute for physical security of a computer, you might want to do this to increase the security of data on a computer while Windows is not running."
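One way to check a machine for the memory-management tweaks discussed above (DisablePagingExecutive, IoPageLockLimit, LargeSystemCache and clearing the paging file at shutdown), as an added example that is not part of the original page: it parses the text of a .reg export and applies the page's verdicts. The sample export is constructed, the function names and role labels are hypothetical, and the key path and the value name ClearPageFileAtShutdown are not given on the page; they are the standard Windows names for these settings.

```python
import re

# Constructed sample: text of a .reg export from a "tweaked" XP workstation.
# (regedit writes UTF-16; decode the file before passing its text in.)
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"DisablePagingExecutive"=dword:00000001
"LargeSystemCache"=dword:00000001
"IoPageLockLimit"=dword:00010000
"ClearPageFileAtShutdown"=dword:00000000
'''

# Key that holds all four values (assumption: not stated on the page).
MM_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
          r"\Session Manager\Memory Management").lower()
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg_dwords(text):
    """Return {key_path_lower: {value_name_lower: int}} for DWORD values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys


def audit(text, role="workstation"):
    """Return [(value_name, verdict, reason)]; role is 'workstation' or 'file-server'."""
    v = parse_reg_dwords(text).get(MM_KEY, {})
    findings = []
    if v.get("disablepagingexecutive") == 1 and role == "workstation":
        findings.append(("DisablePagingExecutive", "revert",
                         "covers only ntoskrnl.exe; on low-memory systems it can "
                         "force application code to be paged instead"))
    lsc = v.get("largesystemcache")
    if lsc == 1 and role != "file-server":
        findings.append(("LargeSystemCache", "revert",
                         "takes memory from applications; intended for file servers"))
    elif lsc != 1 and role == "file-server":
        findings.append(("LargeSystemCache", "review",
                         "a file server generally benefits from the large cache"))
    if "iopagelocklimit" in v:
        findings.append(("IoPageLockLimit", "dead",
                         "not referenced by Windows 2000 SP1 and later or by XP kernels"))
    if v.get("clearpagefileatshutdown") == 1:
        findings.append(("ClearPageFileAtShutdown", "security",
                         "wipes the paging file at shutdown; a deliberate security "
                         "setting that lengthens shutdown, not a performance tweak"))
    return findings


if __name__ == "__main__":
    for name, verdict, reason in audit(SAMPLE_REG):
        print(f"{name}: {verdict} ({reason})")
```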

Reality - "You gain no performance improvement by turning off the Paging File. When certain applications start, they allocate a huge amount of memory (hundreds of megabytes typically set aside in virtual memory) even though they might not use it. If no paging file (pagefile.sys) is present, a memory-hogging application can quickly use a large chunk of RAM. Even worse, just a few such programs can bring a machine loaded with memory to a halt. Some applications (e.g., Adobe Photoshop) will display warnings on startup if no paging file is present."

Notes - "In modern operating systems, including Windows, application programs and many system processes always reference memory using virtual memory addresses which are automatically translated to real (RAM) addresses by the hardware. Only core parts of the operating system kernel bypass this address translation and use real memory addresses directly. All processes (e.g. application executables) running under 32 bit Windows get virtual memory addresses (a Virtual Address Space) going from 0 to 4,294,967,295 (2^32-1 = 4 GB), no matter how much RAM is actually installed on the computer. In the default Windows OS configuration, 2 GB of this virtual address space are designated for each process' private use and the other 2 GB are shared between all processes and the operating system. RAM is a limited resource, whereas virtual memory is, for most practical purposes, unlimited. There can be a large number of processes each with its own 2 GB of private virtual address space. When the memory in use by all the existing processes exceeds the amount of RAM available, the operating system will move pages (4 KB pieces) of one or more virtual address spaces to the computer's hard disk, thus freeing that RAM frame for other uses. In Windows systems, these "paged out" pages are stored in one or more files called pagefile.sys in the root of a partition. Virtual Memory is always in use, even when the memory required by all running processes does not exceed the amount of RAM installed on the system."

Solid State Drives (SSD) - Most pagefile operations are small random reads or larger sequential writes, both of which are types of operations that SSDs handle well. In fact, given typical pagefile reference patterns and the favorable performance characteristics SSDs have on those patterns, there are few files better than the pagefile to place on an SSD.

Myth - "Moving the Paging File to a different partition on the same drive improves performance."

Reality - "Moving the Paging File (pagefile.sys) to a different partition on the same physical hard disk drive does not improve performance. Simply using a different partition on the same drive will result in more head-seeking activity, as the drive jumps between the Windows and paging file partitions. Even though moving the paging file in this case can have the positive effect of defragmenting it, the loss in I/O performance outweighs any gains. It is better to simply defragment the paging file using PageDefrag and keep maximum I/O performance by leaving the paging file where it is with a single drive setup."

Notes - "If your PC has more than one physical hard drive, you can enhance performance by putting the paging file on a different partition and on a different physical hard disk drive. That way, Windows can handle multiple I/O requests more quickly. When the paging file is on the boot partition, Windows must perform disk reading and writing requests on both the system folder and the paging file. When the paging file is moved to a different partition and a different physical hard disk drive, there is less competition between reading and writing requests. However, if you remove the paging file from the boot partition, Windows cannot create a dump file (Memory.dmp) in which to write debugging information in the event that a kernel mode Stop Error message occurs. This could lead to extended downtime if you must debug to troubleshoot the Stop error message. The optimal solution is to create one paging file that is stored on the boot partition, and then create one paging file on another partition that is less frequently accessed on a different physical hard disk if a different physical hard disk is available. Additionally, it is optimal to create the second paging file so that it exists on its own partition, with no data or operating-system-specific files. By design, Windows uses the paging file on the less frequently accessed partition over the paging file on the more heavily accessed boot partition. An internal algorithm is used to determine which paging file to use for virtual memory management."

Solid State Drives (SSD) - Paging file location on SSD drives is irrelevant since access time is identical for every location on SSD drives.

Reality - "Putting a Paging File in a RAM drive is a ridiculous idea in theory, and almost always a performance hit when tested under real-world workloads. You can't do this unless you have plenty of RAM and if you have plenty of RAM, you aren't hitting your paging file very often in the first place! Conversely, if you don't have plenty of RAM, dedicating some of it to a RAM drive will only increase your page fault rate. Now you might say "yeah, but those additional page faults will go faster than they otherwise would because they're satisfied in RAM." True, but it is still better to not incur them in the first place. And, you will also be increasing the page faults that have to be resolved to exe's and dll's, and the paging file in RAM won't do diddly to speed those up. But thanks to the paging file in RAM, you'll have more of them. Also: the system is ALREADY caching pages in memory. Pages lost from working sets are not written out to disk immediately (or at all if they weren't modified), and even after being written out to disk, are not assigned to another process immediately. They're kept on the modified and standby page lists, respectively. The memory access behavior of most apps being what it is, you tend to access the same sets of pages over time... so if you access a page you lost from your working set recently, odds are its contents are still in memory, on one of those lists. So you don't have to go to disk for it. Committing RAM to a RAMdisk and putting a paging file on it makes fewer pages available for those lists, making that mechanism much less effective. And even for those page faults resolved to the RAMdisk paging file, you are still having to go through the disk drivers. You don't have to for page faults resolved on the standby or modified lists. Putting a paging file on a RAMdisk is a self-evidently absurd idea in theory, and actual measurement proves it to be a terrible idea in practice. Forget about it."

Myth - "Adding the /Prefetch:1 Switch to the startup path of a program's shortcut will decrease the program's startup time."

Reality - It does not improve performance in any way. All it does is change your hash number - the OS is doing exactly the same thing it did before, and just saving the prefetch pages to a different file. Ryan Myers of Microsoft's Windows Client Performance Team writes: "The /prefetch:# flag is looked at by the OS when we create the process - however, it has one (and only one) purpose. We add the passed number to the hash. Why? WMP is a multipurpose application and may do many different things. The DLLs and code that it touches will be very different when playing a WMV than when playing a DVD, or when ripping a CD, or when listening to a Shoutcast stream, or any of the other things that WMP can do. If we only had one hash for WMP, then the prefetch would only be correct for one such use. Having incorrect prefetch data would not be a fatal error - it'd just load pages into memory that'd never get used, and then get swapped back out to disk as soon as possible. Still, it's counterproductive. By specifying a /prefetch:# flag with a different number for each "mode" that WMP can do, each mode gets its own separate hash file, and thus we properly prefetch. (This behavior isn't specific to WMP - it does the same for any app.) This flag is looked at when we create the first thread in the process, but it is not removed by CreateProcess from the command line, so any app that chokes on unrecognized command line parameters will not work with it. This is why so many people notice that Kazaa and other apps crash or otherwise refuse to start when it's added. Of course, WMP knows that it may be there, and just silently ignores its existence. I suspect that the "add /prefetch:1 to make rocket go now" urban legend will never die, though."

Myth - "Setting any value higher than 3 to EnablePrefetcher will improve performance."

Reality - The Prefetcher component in Windows XP is part of the Memory Manager, and helps to shorten the amount of time it takes to start Windows and programs. This is a new feature in Windows XP which improves application load times and Windows boot times automatically. The slower your system and the larger an application, the more Prefetching helps. Even high end systems benefit from prefetching with large, slow loading applications, such as large games. By default Prefetching is enabled in Windows XP and already configured optimally. The following list describes the different possible values for the EnablePrefetcher registry key.

By default the Prefetcher is set to a value of 3 in Windows XP. Values such as 4, 5, 6, etc. do not exist and are thus useless. Leave this at the default value of 3, which is already optimal for maximum performance on both Windows XP Boot and initial application launches.

Low Memory Systems - Recommendations to disable Prefetching on low memory systems (128 MB - 512 MB) are based on the fallacy that portions of application code are preloaded into memory before the application load is initiated during Windows startup. This is completely false and is spread by people who do not understand how Windows XP Prefetching works. The slower the system, the more it will benefit from Prefetching. 64 MB systems will suffer due to insufficient RAM, reducing but not eliminating Windows XP's prefetching benefits. 128 MB is the recommended minimum for optimal prefetching performance.

Boot Performance - Recommendations to set the EnablePrefetcher value to 2 to improve boot performance are based on the fallacy that portions of application code are preloaded into memory before the application load is initiated during Windows XP startup. This is completely false and is spread by people who do not understand how Windows XP Prefetching works. Only the files used during boot will be Prefetched. The Prefetch folder is not a cache. Windows XP will boot in the exact same amount of time with either value 2 or 3; the only difference with 2 is that your initial application launches will not be Prefetched and will thus load slower. The default value of 3 in no way negatively affects Windows XP boot times. Leave the value at 3 for optimal Windows XP boot and initial application launch times.

Solid State Drives (SSD) - SSDs that perform adequately on random reads and do not have glaring performance issues with random writes or flushes can benefit from having prefetching disabled. Some first generation SSDs had severe enough random write and flush problems that ultimately led to disk reads being blocked for long periods of time. With prefetching enabled, performance on key scenarios was markedly improved.

Reality - Deleting the contents of the Prefetch folder will reduce application launch and Windows boot time performance. Every time you delete an application's Prefetch (.PF) file you will cripple that application's load time the next time you go to launch it. Even though Windows XP will simply re-create that application's Prefetch (.PF) trace file, that application's optimal load time will not be restored until after the second time you launch that application and the system has been able to go idle and fully run the prefetch optimization. Windows XP automatically cleans the Prefetch folder down to the 32 most used Prefetch (.PF) trace files when the folder reaches 128 files so they do not needlessly consume space. This cleaning is only done when the system has gone idle. Prefetch (.PF) trace files are not a cache and are not preloaded into memory upon Windows startup. They are never even accessed until you launch an application. Only one Prefetch (.PF) trace file per application is created. There is never ANY reason to delete these files.

Laptop Users - Windows XP will not execute idle tasks when running on battery power and thus cannot fully optimize prefetch performance and clean the folder (if necessary). You can manually force this to run by going to "Start", "Run" and typing Rundll32.exe advapi32.dll,ProcessIdleTasks. This can take 10-15 minutes to run, and no notification is given when it is finished. You will notice increased hard drive activity while it is running; wait until this stops. If you frequently run only on battery power, it is recommended to do this once a month.

Malware/Viruses - Some people irresponsibly recommend cleaning this folder due to possible Malware/Virus infection. Malware/Viruses can place an infected file(s) in any folder and the Prefetch folder is no different. Do these same people recommend deleting the contents of the Windows folder because it is a popular location to find an infected file(s)? Of course not, you simply clean or delete the infected file(s) not the contents of the folder. This Myth got started due to the indiscriminate nature of the Windows Prefetcher, which will Prefetch any executable file that you load or loads during Windows start up. Thus it is quite common on an infected machine to find a Prefetch (.PF) trace file in the Prefetch folder with the same name as an infected executable. These files are NOT Malware/Viruses. They are there to improve the load time, in this case ironically, of the Malware/Virus but do not contain any infected code. Once the associated infected executable is deleted, these Prefetch (.PF) trace files do nothing and will eventually automatically be cleaned by Windows.

Corrupted Files - Some people claim that Prefetch (.PF) trace files can get randomly "corrupted" and thus they need to be periodically deleted. Files do not get "corrupted" unless something is wrong with your computer. Any file corruption is a warning sign something is wrong with your system. Overclocking, using defective components like Memory and hard drives and using FAT32 instead of the superior NTFS file system are common causes of file corruption. NTFS is very resilient to file corruption as compared to FAT32. When storing data to disk, NTFS records file I/O events to a special transaction log. If the system crashes or encounters an interruption, NTFS can use this log to restore the volume and prevent corruption from an abnormal program termination or system shutdown. NTFS doesn't commit an action to disk until it verifies the successful completion of the action. This precaution helps prevent corruption of an NTFS volume. NTFS also supports hot-fixing disk sectors, where the OS automatically blocks out bad disk sectors and relocates data from these sectors. This housecleaning happens in the background. An application attempting to read or write data on a hot-fixed area will never know the disk had a problem. Thus the solution is fixing the cause of the file corruption.

CCleaner - Finally the useless, performance slowing cleaning option "Old Prefetch data" was moved to the advanced section and is now not selected by default. Never select this option for cleaning as it will increase application and Windows load times. This option removes Prefetch files that are a few weeks old based on the NTFS last access date. Since Windows XP already cleans this folder at 128 entries, this is a useless option that will only reduce system performance. You should never delete a Prefetch file for any installed application since that would cripple its load times. Just because a program was not used in a few weeks does not mean you want it to load as slow as possible when you do decide to use it. If you disable the NTFS last access date stamp then this option will delete the whole contents of the Prefetch folder after a few weeks, which will cripple Windows Boot and all application load times. The Prefetch folder is also ridiculously small so cleaning Prefetch files before the 128 limit will reclaim next to no disk space. This option clearly needs a warning to prevent people from unknowingly hurting their system performance. Anyone who claims this should be cleaned for ANY reason does not understand how Windows Prefetching works.
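To inspect the Prefetch folder instead of emptying it, the added Python example below (not part of the original article) summarizes a directory listing: it counts trace files against the 128-file cleanup point, shows executables that have more than one hash (the /prefetch:# case Ryan Myers describes), and picks out the traces that merely share a name with executables your scanner flagged. The file listing and the name SAMPLEBAD.EXE are constructed; the `<EXECUTABLE>-<8 hex digits>.pf` naming pattern is how trace files are named on disk.

```python
import re
from collections import defaultdict

# Trace files are named <EXECUTABLE>-<8 hex digit hash>.pf
TRACE_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)

CLEANUP_AT = 128   # folder size at which Windows XP cleans up, per the article
KEPT_AFTER = 32    # most-used traces kept after cleanup, per the article


def parse_trace_name(filename):
    """Return (EXECUTABLE, HASH) in upper case, or None if not a trace file."""
    match = TRACE_NAME.match(filename.strip())
    if match is None:
        return None
    return match.group("exe").upper(), match.group("hash").upper()


def summarize_prefetch(filenames, flagged_executables=()):
    """Summarize a Prefetch folder listing without touching any file.

    flagged_executables: names your AntiVirus/AntiSpyware scan reported.
    A matching trace shows that the executable was launched; the trace
    itself carries no infected code and needs no special cleaning.
    """
    flagged = {name.upper() for name in flagged_executables}
    hashes_by_exe = defaultdict(set)
    flagged_traces, not_traces = [], []
    trace_count = 0

    for filename in filenames:
        parsed = parse_trace_name(filename)
        if parsed is None:
            not_traces.append(filename)      # e.g. Layout.ini
            continue
        exe, trace_hash = parsed
        trace_count += 1
        hashes_by_exe[exe].add(trace_hash)
        if exe in flagged:
            flagged_traces.append(filename)

    # More than one hash for one name: same program, different hash input.
    multiple = {exe: sorted(h) for exe, h in hashes_by_exe.items() if len(h) > 1}
    return {
        "trace_count": trace_count,
        "until_cleanup": max(0, CLEANUP_AT - trace_count),
        "multiple_hashes": multiple,
        "flagged_traces": flagged_traces,
        "not_traces": not_traces,
    }


# Constructed listing for illustration only.
SAMPLE_LISTING = [
    "NTOSBOOT-B00DFAAD.pf",        # boot trace
    "WMPLAYER.EXE-1A2B3C4D.pf",
    "WMPLAYER.EXE-5E6F7081.pf",    # second hash for the same program
    "NOTEPAD.EXE-0A1B2C3D.pf",
    "SAMPLEBAD.EXE-9F8E7D6C.pf",   # shares its name with a flagged file
    "Layout.ini",
]

if __name__ == "__main__":
    report = summarize_prefetch(SAMPLE_LISTING, ["samplebad.exe"])
    for key, value in report.items():
        print(f"{key}: {value}")
```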

Myth - "Disabling QoS will free up the 20% bandwidth reserved by QoS."

Reality - "There have been claims in various published technical articles and newsgroup postings that Windows XP always reserves 20 percent of the available bandwidth for QoS. These claims are incorrect. As in Windows 2000, programs can take advantage of QoS through the QoS APIs in Windows XP. 100% of the network bandwidth is available to be shared by all programs unless a program specifically requests priority bandwidth. This "reserved" bandwidth is still available to other programs unless the requesting program is sending data. By default, programs can reserve up to an aggregate bandwidth of 20% of the underlying link speed on each interface on an end computer. If the program that reserved the bandwidth is not sending sufficient data to use it, the unused part of the reserved bandwidth is available for other data flows on the same host."

Myth - "Increasing the amount of available RAM using RAM Optimizers/Defragmenters improves performance."

Reality - "RAM Optimizers have no effect, and at worst, they seriously degrade performance. Although gaining more available memory might seem beneficial, it isn't. As RAM Optimizers force the available-memory counter up, they force other processes' data and code out of memory. Say that you're running Word, for example. As the optimizer forces the available-memory counter up, the text of open documents and the program code that was part of Word's working set before the optimization (and was therefore present in physical memory) must be reread from disk as you continue to edit your document. The act of allocating, then freeing a large amount of virtual memory might, as a conceivable side effect, lead to blocks of contiguous available memory. However, because virtual memory masks the layout of physical memory from processes, processes can't directly benefit from having virtual memory backed by contiguous physical memory. As processes execute and undergo working-set trimming and growth, their virtual-memory-to-physical-memory mappings will become fragmented despite the availability of contiguous memory."

Reality - "The RegClean utility is no longer supported by Microsoft and has been removed from all Microsoft download sites. This was done for legitimate compatibility reasons with certain applications and Operating Systems. The RegClean utility was originally supplied with Microsoft Visual Basic version 4.0 for Windows. The last version of RegClean was 4.1a (build 7364.1) released on March 13, 1998 (RegClean.exe is dated December 30, 1997). During this time the latest Operating Systems were Windows 95 OSR2.1 and Windows NT 4.0. Windows 98 was not released until June 25, 1998. Compatibility with any Operating System besides Windows 95 and NT 4.0 was never substantiated, especially Windows XP. It is very dangerous to run a Registry Cleaner that was never certified to run on your Operating System since removing the wrong Registry Keys can break Applications and the Operating System. RegClean breaks functionality in the following Applications:

Reality - "A few hundred kilobytes of unused keys and values causes no noticeable performance impact on system operation. Even if the registry was massively bloated there would be little impact on the performance of anything other than exhaustive searches."

Reality - "Unlike Registry Cleaners, defragmenting the registry can improve performance. Paging and Registry file fragmentation can be one of the leading causes of performance degradation related to file fragmentation in a system. It is only recommended to use the free program PageDefrag or a commercial defragmenter like Diskeeper to defragment the registry."

Reality - "Some third-party sources have erroneously reported that modifying the SecondLevelDataCache registry entry can enhance system performance. The second level (L2) cache is recognized by the operating system and is fully utilized regardless of the setting of this parameter."

Notes - "SecondLevelDataCache records the size of the processor cache, also known as the secondary or L2 cache. If the value of this entry is 0, the system attempts to retrieve the L2 cache size from the Hardware Abstraction Layer (HAL) for the platform. If it fails, it uses a default L2 cache size of 256 KB. If the value of this entry is not 0, it uses this value as the L2 cache size. This entry is designed as a secondary source of cache size information for computers on which the HAL cannot detect the L2 cache. This is not related to the hardware; it is only useful for computers with direct-mapped L2 caches. Pentium II and later processors do not have direct-mapped L2 caches. SecondLevelDataCache can increase performance by approximately 2 percent in certain cases for older computers with ample memory (more than 64 MB) by scattering physical pages better in the address space so there are not so many L2 cache collisions. Setting SecondLevelDataCache to 256 KB rather than 2 MB (when the computer has a 2 MB L2 cache) would probably have about a 0.4% performance penalty."

DNS Client Service - "The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated. This effectively reduces Internet Performance for sites you have previously visited and puts an unnecessary load on your ISP's DNS server."

Task Scheduler Service - "Disabling the Task Scheduler completely cripples Windows XP's Boot and Application Load times by preventing Prefetch (.PF) trace files and the Layout.ini file from being created or updated."

Notes - Disabling other unnecessary services in general has only one effect on performance and that is reduced Windows XP boot times.

Myth - "Setting this value to 26 gives a boost to the priority of foreground applications."

Reality - "Yes this can but there is no need to edit the registry to do this. The GUI control for this is built-in to Windows. Go to the Control Panel, System Icon, Advanced Tab, Performance - click Settings, Advanced Tab, Processor Scheduling and select 'Programs'. By default, Windows puts a priority on the foreground programs (20 Hexadecimal). Choosing the 'Programs' option (26 Hexadecimal) will result in a smoother, faster response time for your foreground programs. However, if you have background services, such as printing or disk backup that run while you work and you want them to respond faster, you can have Windows share processor resources equally between background and foreground programs by choosing the 'Background services' option (18 Hexadecimal)."

Myth - "Setting this value to 38 gives a boost to the priority of foreground applications."

Reality - "People are confusing the Hexadecimal and Decimal value settings of this registry key. By choosing the 'Programs' option in Windows XP this sets the value to 26 Hexadecimal = 0x00000026, which is automatically translated to 38 Decimal = (38). This is shown as 0x00000026 (38) in the registry. The Windows XP Registry Editor defaults to changing the Hexadecimal Value when you go to modify a registry key. The problem is it is commonly recommended to change this value to "38" with no mention of this being the Decimal value and instead the Hexadecimal Value is changed because it is the default. This makes the key show 0x00000038 (56). This is not one of this key's functional values and setting a bit field in Win32PrioritySeparation to values other than those shown in the table will result in the Windows XP default value being used instead. Thus this does absolutely nothing."

Myth - "Adding EnableSuperfetch to the registry improves performance in Windows XP as it does in Windows Vista."

Reality - "This myth was started when the Inquirer irresponsibly ran a bogus letter without doing any fact checking. Windows internals guru Mark Russinovich said this won't work, the "Superfetch" string isn't even in the Windows XP kernel. You can confirm this yourself by checking with the Strings utility. This makes it impossible for it to do anything since no "Superfetch" command exists. Windows cannot execute a nonexistent command and will simply ignore it. Anyone who says this works is not only lying but a fool."

Reality - "System Restore does not cause any noticeable performance impact when monitoring your computer. The creation of a Restore point also is a very fast process and usually takes only a few seconds. Scheduled System Checkpoints (every 24 hours by default) are created only at system idle time to avoid interfering with a computer during use."

Reality - "ALL System.ini and Win.ini so-called "Tweaks" are made up nonsense. They include made up commands that do not exist followed by imaginary settings - thus doing absolutely nothing. The System.ini and Win.ini files are provided in Windows XP for backward compatibility with 16-bit (MS-DOS, Windows 3.x) applications. They have no effect on any Windows XP settings or 32-bit applications which are stored in the Registry."

Notes - These files are edited using the System Configuration Utility (Msconfig.exe) or Sysedit.

Reality - Deleting temporary files does not improve application, gaming or system performance on NTFS volumes. All it does is increase your available disk space. This is because performance does not degrade under NTFS, as it does under FAT, with larger volume sizes. While AntiVirus, AntiSpyware and general disk scan/search times can be reduced, these are not what people associate with improved performance. Deleting the contents of your browser cache actually reduces performance for previously visited web pages since they must be reloaded into the cache. This does not mean you should not do this periodically for house cleaning reasons. Only that you should not expect improved performance from doing so.

* The use of long file names can significantly reduce the number of available files and subfolders within a folder.

Notes - "With the NTFS file system, small folder records reside entirely within the MFT structure, while large folders are organized B-tree structures and have records with pointers to external clusters that contain folder entries that cannot be contained within the MFT structure. The benefit of using B-tree structures is evident when NTFS enumerates files in a large folder. The B-tree structure allows NTFS to group, or index, similar file names and then search only the group that contains the file, minimizing the number of disk accesses needed to find a particular file, especially for large folders. Because of the B-tree structure, NTFS outperforms FAT for large folders because FAT must scan all file names in a large folder before listing all of the files."

Reality - Windows XP offers better performance than Windows 2000 so long as the recommended Windows XP requirements are met regardless of the age of the computer. With 128 MB of RAM Windows XP is superior to Windows 2000 and all older versions of Windows. This includes dramatically faster boot and resume times and highly responsive applications. Performance only gets better with additional resources, particularly when you run memory-intensive multimedia applications.

Security Myths

Cookies

Myth - "Cookies are Spyware."

Reality - "Cookies are not Spyware. It's grossly irresponsible for these Anti-Spyware companies to treat cookies like Spyware. REAL Spyware is malicious, machine-hijacking junk that throws pop-ups on your computer, resets your start page, and all sorts of other ugly tricks. A cookie is a text file that has some non-personal information about what banner ads have shown on certain sites. That's it. Go ahead and open the cookie on your computer and you'll see it's harmless. Cookies are not Spyware, no matter how hard these Anti-Spyware companies try to make them out to be."

Notes - Certain Cookies can still pose some privacy concerns and if you wish to remove them it will do no harm. The point is when you find many of these after running a standard Anti-Spyware scan you should not get excited that you are infected with malicious Spyware.

Reality - "On a nonmanaged XP machine today, it isn't realistic to run without Administrator privileges. Unlike UNIX and UNIX-like systems such as Linux and Apple Computer's Mac OS X, Windows isn't very useable with a non-Administrator account, largely because so many applications are ignorant of rights and were written to work only with Administrator-level accounts. This is particularly problematic in a home environment, in which XP Home Edition's crippled Limited Account type, designed for children and less-technical users, is virtually useless. In Windows XP, the lame Run As option, virtually hidden under a right-click menu that typical users will never know about, is a poor substitute."

Notes - "After you log on to a computer by using a Limited User Account, you may observe one or more of the following behaviors when you try to use a program that is not expressly designed for Windows XP.

- The program does not run.
- The program stops responding (hangs).
- You receive notification of run-time error 7 or run-time error 3446.
- The program does not recognize that a CD-ROM is in the CD-ROM drive.
- The program does not allow you to save files.
- The program does not allow you to open files.
- The program does not allow you to edit files.
- The program displays a blank error message.
- You cannot remove the program.
- You cannot open the Help file.

This behavior can occur because the Limited User Account prevents older programs from performing certain functions. Microsoft lists over 189 applications in this article alone that do not work right on a Limited User Account."

Reality - "Power User accounts allow the installation of software, including ActiveX controls and can easily be elevated to fully-privileged administrators. The lesson is that as an IT administrator you shouldn't fool yourself into thinking that the Power Users group is a secure compromise on the way to running as limited user."

Reality - "Using Special AntiSpyware Hosts Files is a waste of time and leads to a false sense of security. Any Malware/Spyware can easily modify the Hosts File at will, even if it is set to Read-only. It is impossible to "lock-down" a Hosts File unless you are running as a limited user which makes using it in this case irrelevant anyway. Various Malware/Spyware uses the Hosts File to redirect your Web Browser to other sites. They can also redirect Windows to use a Hosts File that has nothing to do with the one you keep updating. The Hosts file is an archaic part of networking setups that was originally meant to be used on a LAN and was the legacy way to look up Domain Names on the ARPANET. It tells a PC the fixed numeric address of the internal server(s) so the PC doesn't have to go looking for them through all possible addresses. It can save time when "discovering" a LAN. I don't consider 1970's ARPANET technology useful against modern Malware/Spyware. When cleaning Malware/Spyware from a PC, it is much easier to check a clean Hosts File than one filled with thousands of lines of addresses. Considering how easily a Hosts File can be exploited, redirected and potentially block good sites, it is strongly recommended NOT to waste time using Special Hosts Files."

127.0.0.1
"Special AntiSpyware Hosts Files attempt to associate a known safe, numeric address (127.0.0.1) with the names of sites or IP addresses you want to block. When the user or any process on the PC then tries to access a blocked site, it is instead directed to the safe location. It is simply impossible to update a Hosts file frequently enough since it is cheap and easy to purchase new domain names and move to new IP addresses. You also run into problems in accidentally blocking good sites since many sites share the same IP addresses with other sites using Shared IP Hosting. Also once a malicious site is shutdown, that IP Address then becomes free and can easily be acquired by another non-malicious site."

Large Hosts Files
"Large Hosts Files cause Internet related slowdowns due to DNS Client Server Caching. This negatively affects your browsing speed. AntiSpyware Hosts File authors irresponsibly recommend disabling the DNS Client Service to solve this problem. This is not a solution. The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated. This effectively reduces Internet Performance for sites you have previously visited and puts an unnecessary load on your ISP's DNS server."

Notes - There is a much better solution for bad site blocking using SpywareBlaster, which more intelligently uses Internet Explorer's built-in Zone Security settings and the registry. Mozilla/Firefox protection is also provided.
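The Hosts File check mentioned above (when cleaning a PC) can be scripted. The following is an added example, not part of the original page: it flags names pinned to a non-loopback address and names you need that have been sunk to 127.0.0.1. The sample file, the host names and the `must_resolve` parameter are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Yield (line_no, address, names) for each mapping line, ignoring comments."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, must_resolve=()):
    """Return findings as (line_no, kind, address, name) tuples.

    kind is "redirect"  (name pinned to a non-loopback address),
            "blocked"   (a name from must_resolve sunk to loopback or 0.0.0.0),
            "malformed" (first field is not an IP address).
    """
    must_resolve = {n.lower() for n in must_resolve}
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, names[0]))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if not sink:
                findings.append((line_no, "redirect", address, name))
            elif name in must_resolve:
                findings.append((line_no, "blocked", address, name))
    return findings

# Constructed sample (documentation address range and example domains).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net        # blocking-list style entry
203.0.113.10    www.example.com        # name pinned to a foreign address
127.0.0.1       update.example.org     # a site you need, sunk to loopback
not-an-ip       broken.example.net
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, must_resolve=["update.example.org"]):
        print(finding)
```

The audit only covers the file it is given. Since Windows can be pointed at a different Hosts File, confirm which directory is in use (the `DataBasePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`) before trusting the result.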

Myth - "It is impossible or difficult to secure Windows XP from Spyware, Malware or Viruses."

Reality - "It is very easy to secure Windows XP, simply use the Secure XP - A Windows XP Security Guide on this site. To put it bluntly I simply do not get infected with anything. Keep in mind nothing can fully protect you from something you manually install."

Myth - "System Restore can reinfect your system after you cleaned it from Spyware, Malware or Viruses."

Reality - "This cannot happen so long as you have the AntiVirus or AntiSpyware application running that initially cleaned the infection. During a restoration, an active AntiVirus program scans for infected files. If the AntiVirus program detects any infected files, the AntiVirus program tries to modify, move, or delete the infected files. If the AntiVirus program successfully cleans the infected files, System Restore restores the cleaned files. However, if the AntiVirus software cannot clean a file, the AntiVirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state. As a result, System Restore reverts to the state immediately before the restoration. Signature files for AntiVirus programs are updated as viruses become known. As a result, a restoration that did not work several days ago might succeed after the AntiVirus program is updated. However, if you undo and retry a restoration to a point that succeeded before, the restoration may not work if a new signature or definition detects a virus that the AntiVirus program cannot clean on a backed-up file."

Myth - "There are Really Hidden Files in Windows XP that are impossible to see."

Reality - "Any file can be seen in Windows XP once you change from the default view settings. Go to the Control Panel, Appearance and Themes, Folder Options, select Show hidden files and folders and uncheck Hide protected operating system files (Recommended). Protected operating system files also known as Super Hidden Files are by default hidden from view. They are critical system files that if deleted can cause various system problems."

Streams
The NTFS file system includes a feature called alternate or multiple data streams that enables data to be managed as a single unit. Using multiple data streams, a file can be associated with more than one application at a time, such as Microsoft Word and WordPad or a graphics program can store a thumbnail image of a bitmap in a named data stream within the NTFS file containing the image. Windows Explorer will not report the correct file size for files utilizing multiple data streams. A free utility, Streams can be used to view files utilizing multiple data streams.

Rootkits
It is possible to get infected by malicious programs known as "Rootkits" which can truly hide themselves from being viewed in Windows Explorer. These malicious programs can be detected using special scanners such as RootkitRevealer.

Reality - "With the increase in the growth of viruses and Trojan programs, many computer users have turned to the Internet as a fast and easy tool to warn friends and co-workers of these threats. At the same time, there has also been a growth of virus hoax warnings. These warnings often describe fantastical or impossible virus or Trojan program characteristics, but appear to be real and forwarding these hoax warnings to friends and co-workers only perpetuates the problem. If you receive an Email that you suspect is a hoax, do not forward it to anyone and never open the attachments. Check online to confirm it is a hoax and delete the Email. If the Email originated from someone you know, send them an Email explaining the hoax."

Notes - Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

Myth - "The Windows XP Firewall is not good enough because it lacks outbound filtering."

Reality - "I believe there are a lot of incorrect assumptions and outright myths about outbound filtering. I really like the Firewall in Windows XP Service Pack 2 (SP2). It is lightweight, centrally manageable, does the job well, is unobtrusive, and does something very critical: it protects the system at boot. That last one is crucial; we have seen many systems in the past get infected during boot even with a firewall turned on. Any outbound host-based firewall filtering in Windows XP is really just meaningless as a security feature in my opinion. True, it stops some malware, today, but only because current malware has not been written to circumvent it. There simply are not enough environments that implement outbound rules for the mass market malware authors to need to worry about it. In an interactive attack the attacker can circumvent outbound filters at will. To see how, consider this. Circumventing outbound host-based firewall filters can be accomplished in several ways, depending on the scenario of the actual attack. First, the vast majority of Windows XP users run as administrators, and any malware running as an administrator can disable the firewall entirely. Of course, even if the outbound filter requires interaction from the user to open a port, the malware can cause the user to be presented with a sufficiently enticing and comprehensible dialog, that explains that without clicking "Yes" they will not ever get to see the "dancing pigs". See, the problem is that when the user is running as an administrator, or the evil code runs as an administrator, there is a very good chance that either the user or the code will simply disable the protection. Of course, the user does not really see that dialog, because it is utterly meaningless to users. That is problem number one with outbound filtering. Given the choice between security and sufficiently enticing rewards, like "dancing pigs", the "dancing pigs" will win every time. 
If the malware can either directly or indirectly turn off the protection, it will do so. The second problem is that even if the user, for some inexplicable reason clicked "No. Bug me again" or if the evil code is running in a low-privileged account, such as Network Service, the malware can easily step right around the firewall other ways. As long as the account the code is running as can open outbound connections on any port the evil code can simply use that port. Ah, but outbound Firewalls can limit outbound traffic on a particular port to a specific process. Not a problem, we just piggy back on an existing process that is allowed. Only if the recipient of the traffic filters based on both source and destination port, and extremely few services do that, is this technique for bypassing the firewall meaningful. The key problem is that most people think outbound host-based firewall filtering will keep a compromised asset from attacking other assets. This is impossible. Putting protective measures on a compromised asset and asking it not to compromise any other assets simply does not work. Protection belongs on the asset you are trying to protect, not the one you are trying to protect against! Asking the bad guys not to steal stuff after they have already broken into your house is unlikely to be nearly as effective as keeping them from breaking into the house in the first place."

Reality - "By default the Windows XP Firewall leaves a few connections open, such as 'File and Print Sharing, Remote Assistance, Remote Desktop or UPnP Framework' connections. These can easily be disabled by unchecking them in the exceptions tab and thus fully stealthing the Windows XP Firewall."

Notes - If your system is still failing a security scan with the Windows XP Firewall enabled, go to the 'Advanced' Tab, select 'Restore Defaults' and then uncheck all exceptions.

"Secret" Myths

There are various myths people incorrectly think are hidden Secrets, Easter eggs or bugs in Windows XP.

'CON' Folder

Myth - "Not being able to name a file or folder 'CON' is a bug or a secret"

Reality - "Several special file names are reserved by the system and cannot be used for files or folders: CON, AUX, COM1, COM2, COM3, COM4, LPT1, LPT2, LPT3, PRN, NUL. This goes back to DOS 1.0 which didn't support subdirectories, lowercase, or filenames longer than 8.3. 'CON' is a reserved word from the old DOS days, simply meaning 'console'. If you wanted to create a new text file in DOS you could type 'copy con newfile.txt' meaning copy from the console to newfile.txt. This would let you type some lines and when you ended the file you would have a file called newfile.txt containing whatever you wrote in the console. Since they are still relied on with things like batch files (redirect to >NUL) they are still reserved today."

Notes - This has nothing to do with the patched "DOS Device in Path Name" Vulnerability of Windows 95/98.

Myth - "There are Secret phrases like "bush hid the facts" you can type into Notepad"

Reality - "Notepad makes a best guess of which encoding to use when confronted with certain short strings of characters that lack special prefixes. The encodings that do not have special prefixes and which are still supported by Notepad are the traditional ANSI encoding (i.e., "plain ASCII") and the Unicode (little-endian) encoding with no BOM. When faced with a file that lacks a special prefix, Notepad is forced to guess which of those two encodings the file actually uses. The function that does this work is IsTextUnicode, which studies a chunk of bytes and does some statistical analysis to come up with a guess. Sometimes it guesses wrong and displays random characters after you save and open the file. Any combination of characters in the same order 4-3-3-5 will cause the same problem: "Bill lie and cheat", "this app can break", "hhhh hhh hhh hhhhh", "this isa bug dummy", etc."
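The byte-level ambiguity behind this guess can be shown directly. The following is an added example, not code from the original page and not the IsTextUnicode algorithm: it reads the ANSI bytes of a phrase as BOM-less little-endian Unicode and measures how many 16-bit units land in the CJK ideograph block. The phrases "the cat sat." and "hello world" are constructed counter-examples.

```python
CJK_FIRST, CJK_LAST = 0x4E00, 0x9FFF  # CJK Unified Ideographs block

def utf16le_units(ansi_text):
    """Read the single-byte (ANSI) encoding of ansi_text as BOM-less UTF-16LE.

    Returns the 16-bit code units, or None for an odd byte count, which
    cannot be UTF-16 at all.
    """
    raw = ansi_text.encode("cp1252")
    if len(raw) % 2:
        return None
    # Little-endian: the first byte of each pair is the low byte.
    return [raw[i] | (raw[i + 1] << 8) for i in range(0, len(raw), 2)]

def cjk_fraction(ansi_text):
    """Share of code units that land in the CJK ideograph block (0.0 to 1.0)."""
    units = utf16le_units(ansi_text)
    if not units:
        return 0.0
    return sum(CJK_FIRST <= u <= CJK_LAST for u in units) / len(units)

def with_prefix(text):
    """Encode with a BOM so a reader does not have to guess the encoding."""
    return text.encode("utf-8-sig")

if __name__ == "__main__":
    phrases = ("bush hid the facts", "this app can break",
               "the cat sat.", "hello world")
    for phrase in phrases:
        units = utf16le_units(phrase)
        shown = "odd length" if units is None else " ".join(f"U+{u:04X}" for u in units)
        print(f"{phrase!r}: cjk={cjk_fraction(phrase):.2f} {shown}")
```

In the 4-3-3-5 phrases every space falls on the low byte of a pair and every high byte is a lowercase letter, so each pair reads as a valid ideograph; a space on the high byte (as in "the cat sat.") breaks the pattern.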

Reality - "No hidden version of Star Wars exists in Windows. This version is accessed over the Internet using a program called Telnet. Telnet is a simple, text-based program that allows you to connect to another computer by using the Internet. While Telnet is included in Windows, the ASCII (text-based) version of Star Wars is not. Simply disconnecting your Internet connection will prevent you from watching it. This is no different from watching a video file over the Internet but instead of using a web browser you are using the Telnet program. These text-based animations can be viewed online at ASCIIMATION.co.nz."

Notes - To prove this does not exist disconnect your Internet connection from your computer and try it again.

End

This page will be revised as new Myths are confirmed and added. Feel free to submit suggestions or comments to OptimizeXP@comcast.net. Do not send Technical Support Questions.

Legal Notice - Reproduction of this page in whole or in part is strictly forbidden. This guide and ALL versions thereof are protected by copyright under the Digital Millennium Copyright Act (DMCA). Feel free to link to this Guide.